BlueHat Security Briefings: Fall 2010 Sessions

BlueHat v10: A Security Odyssey, October 14-15 at the Microsoft corporate headquarters

The primary objective of the BlueHat Conference Series is to build bridges between Microsoft developers and executives, key security program partners, and members of the security research community while educating the greater Microsoft population on security threats and mitigations.

This year's conference builds upon the momentum of past events by showcasing how individual strategies can intersect to offer substantial benefits and positive-sum outcomes. We are looking to demystify global and regional security threats, and to create channels for productive information exchange on common threats that affect all the players of the security ecosystem.

Session Videos

John Lambert talks about nine trends that will affect exploitation over the next decade. A number of technological, social, and environmental trends will change the world of exploitation as we've known it in the 2000s. This has lessons for defense, attack, and customers in the middle alike.

This presentation discloses some of the challenges seen by the Microsoft Security Resource Center (MSRC) in addressing modern vulnerabilities. As SDL weeded out the simple buffer overflow, vulnerabilities have become more complex in nature and thus more challenging to address. The goal of this presentation is to provide insight into Microsoft's techniques and processes in responding to these challenges and to provide lessons learned to other organizations in similar situations.

In this talk we explore the uncharted waters between CyberCrime and CyberWarfare, while mapping out the key players (mostly on the state side) and how past events can be linked to the use of syndicated CyberCrime organizations when carrying out attacks on the opposition.

In August 2010 we released the new version of EMET with brand new mitigations and a new user interface experience. Two new mitigations are included in this version: Mandatory ASLR (breaking current ROP exploits that rely on DLLs located at predictable addresses) and Export Address Table Filtering (EAF) (stopping the vast majority of shellcode from running). EMET is not bulletproof, but it will break a lot of the bad guys' tools and exploits. EMET also makes it possible, for instance, to have SEHOP on an XP machine.

Return-oriented programming is one of the most advanced attack techniques available today. This talk presents algorithms that allow an attacker to search for and compose gadgets regardless of the underlying architecture using the REIL meta language. We show a return-oriented compiler for the ARM architecture as a proof-of-concept implementation of the algorithms developed and discuss applications for the iPhone iOS platform.

There are a number of design flaws that plague browsers, and the challenge in fixing them tends to be the unwillingness to "break the Web." This puts security designers in the position of making security features opt-in, and few if any developers and users opt in, because they don't know the real risks. It is time to explore these issues in a bit more depth to see what might be done.